By Kristian Kißling
If you are looking to set up a small home network with a print server, file server, and maybe even a mail server, you can be entirely satisfied with what Linux offers you out of the box. Your distribution's package manager will let you install all the software you need, although you might break a sweat when you start configuring and coordinating the individual services. This learning experience is useful but also takes a fair amount of time.
The eBox SME server can help shorten your configuration marathon. SME stands for "small- to medium-sized enterprise" and describes the typical environment for the server. That said, eBox is a useful server product for more challenging home networks and for small business offices. The software, which has Ubuntu underpinnings, offers users a unified (web) interface - similar to YaST on openSUSE - that lets you manage the full set of services. The modular system then feeds your input to the corresponding configuration files behind the scenes.
Before you deploy eBox, it makes sense to know something about networks, such as why you need a DNS server and what a DHCP server does. The manual that comes with the software [1] is dozens of pages thick, so I can only give you a short overview of the server's versatility. The modules include a DNS server, a DHCP server, a print and file server, an HTTP proxy, a mail server, an OpenVPN module, a groupware server, a firewall, and more.
The interface lets you manage certificates; control the firewall; and set up users, groups, and shares, as well as handle traffic balancing (distributing access to a specific resource to avoid overload) and traffic shaping (ensuring that competing uploads and downloads between servers and clients don't get in each other's way). The eBox portfolio is impressive in its own right, but the eBox developers' main claim to fame is the clever way in which they integrate all of these services.
The project is maintained primarily by Spanish developers. The software arose from a cooperation between DBS Servicios Informaticos and Warp Networks in 2004. eBox was designed as an easy-to-manage server and is now in the hands of eBox Technologies. eBox is GPLd, so the company relies on capital from investors, subsidies, and commercial support to earn a living. Version 1.0 of the software was released recently.
The eBox user should be familiar with the details of how the eBox services work. That said, the software also targets less experienced users. In this case, some caution is advisable: If you configure eBox incorrectly, you can block your network. eBox helps experienced admins avoid manual parameterization of individual services.
eBox is accessible on the local network in its file and print server roles. If you use a server with two network cards, you can set the machine up as a gateway that gives you safe and quick Internet access. eBox can replace a router in this case, and an internal firewall keeps the server secure.
Out of the box, the server runs on Ubuntu "Hardy Heron" (version 8.04); however, the eBox package released with Ubuntu "Intrepid Ibex" (8.10) reportedly does not install properly. Packages are available for either distribution from the PPA for eBox Platform site [2]. A standalone distribution with an installer and a Live CD are available as well. The Live version lets you test eBox without risking your network setup while allowing you to gain initial experience with the interface.
To launch the Live version at boot time, type live. The password for logging in to the eBox web interface is ebox. The distribution gives you a plain IceWM desktop equipped with the Firefox browser, the Mutt email client and the text-based W3m and Links browsers. At the web interface, you can set up various services - the configuration settings are shown to the right in each window, with the services and the configurable areas on the left. To start, create a new password and click Change, followed by Save changes, and finally Save to make the change permanent - a somewhat convoluted approach.
Selecting Dashboard at the top left takes you to an overview with the details for your network interfaces, as well as for active and disabled services (Figure 1). At the bottom right below "DHCP leases," you can see the computers that are currently logged on to the server or were recently. Farther down, you see an overview of the active and inactive services (Figure 2). The widgets on the desktop change to reflect what you are doing with eBox.
The Module Status item in the list on the left lets you enable and disable modules. For example, if you do not explicitly launch a DHCP server as a service after configuring it, the server will refuse to work later on. Most modules are disabled by default to prevent potential attackers from invading your network while you are busy finishing your eBox configuration. Before you can start some modules, you need to launch dependent modules first; for example, the Squid HTTP Proxy requires the Network and Firewall modules. For traffic shaping and balancing, to control incoming and outgoing network traffic, you need to set up at least two gateways.
When you make a change, the box to the top right beside Save changes turns red. Clicking the box applies your changes. In some cases, the software will ask you whether you want to save the changes. In other cases - in line with Debian policy - you need to manually and individually confirm changes to critical configuration files.
A step-by-step tutorial is available from the eBox forum [3] to guide you through the initial setup scenario. The tutorial assumes that you will be setting up a server with two network adapters: One adapter links your network to your provider, and the other serves the local users and has a private IP address. This scenario also assumes that your network includes a standard router that uses DHCP to assign IP addresses.
The ability to configure eBox from another computer is interesting. To do so, you just need to plug the machine's Ethernet cable into your router and do the same for your eBox server. After you complete the installation, eBox will not boot to a graphical desktop - in contrast to the Live system - and this makes configuration on the server machine fairly tricky.
When you boot eBox, the internal network cards are assigned IP addresses, which you can discover with /sbin/ifconfig: In this example, I will be using 192.168.0.12. Armed with the addresses, you can then go to your client machine and use https (https://192.168.0.12) to connect with the server. When I tried http, I was told It works!, but I did not see the eBox login.
After logging in to the eBox interface and typing the ebox password, you need to configure the other network card that eBox is not currently using and assign a static IP address. eBox will use this address later to assign IP addresses on the local network. At each step, save the changes you make and then go to System | Date/Time to set up an NTP server that will retrieve the current time from the Internet. Then go to DNS and set up your nameserver and assign a domain name to your private network, such as ebox.net.
In the DHCP item, configure the DHCP server for the network interface with the static IP address. The important thing is to specify a range of IP addresses for the DHCP server to assign in Add a new range, such as the addresses between 192.168.1.100 and 192.168.1.150 (Figure 3). Now select eBox as your gateway, and the local DNS server you just set up as your primary nameserver - don't forget to visit the Module Status section to enable the DHCP and DNS servers after you have finished configuring them.
The next step is to set up a user and a group, before preparing eBox for life as a file server. The feature for this is File sharing | General settings. Don't forget to set a Quota limit to keep your users from filling your hard disk up to the brim. Then in the File sharing | Share section, set up a share folder to allow users to access the eBox shares (Figure 4). eBox creates this directory in /home/samba/shares if you select Directory under eBox. In the List of samba shares table, click the icon in the Access Control column to, for example, assign user permissions for access to the share.
To test the setup to see that it works, you can use a crossover cable to connect your configuration machine directly to the Ethernet card with the static IP. The DHCP server should assign an IP address to your client machine. Then you can use your browser to access the eBox dashboard, although you can't reach the Internet.
To access the Internet, you need to set up the second network adapter with your public IP address; your provider might assign this to you dynamically, or you might have a static address. In Network | Gateways, you need to enter your Internet provider's IP address, as well as the address of the second network card as the Interface.
Now that your machine is part of the wild and woolly web, click on Firewall to set it up, then enable the module. Next, create a new rule that supports all outgoing data traffic and enable the firewall service in the Module Status section. To connect all the machines on your local network to your eBox, you need to use a hub without a separate DHCP server. If everything goes well, the computers should be able to use eBox as their gateway to the Internet.
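A mistake in the address plan built up in the steps above is the usual way to lock clients out of the network, so the following added sketch (not part of the original article or of eBox) checks such a plan before you enter it in the web interface. The /24 prefix lengths and the internal address 192.168.1.1 are assumptions; the article itself only gives 192.168.0.12 and the range 192.168.1.100 to 192.168.1.150.

```python
import ipaddress


def check_plan(external_if, internal_if, pool_start, pool_end, gateway, dns):
    """Return a list of problems found in a two-NIC gateway address plan."""
    ext = ipaddress.ip_interface(external_if)
    internal = ipaddress.ip_interface(internal_if)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    problems = []

    # Both NICs in the same subnet leaves the gateway nothing to route between.
    if ext.network.overlaps(internal.network):
        problems.append("internal and external subnets overlap")

    # The pool must be ordered and sit entirely inside the internal subnet.
    if start > end:
        problems.append("DHCP range start is above its end")
    for addr in (start, end):
        if addr not in internal.network:
            problems.append(f"{addr} is outside {internal.network}")

    # Network and broadcast addresses can never be leased to a client.
    net = internal.network
    if any(start <= r <= end for r in (net.network_address, net.broadcast_address)):
        problems.append("DHCP range includes the network or broadcast address")

    # A lease that collides with the server's own static address causes conflicts.
    if start <= internal.ip <= end:
        problems.append("DHCP range includes the server's own static address")

    # The walkthrough has clients use eBox as gateway and as primary nameserver.
    for role, value in (("gateway", gateway), ("DNS server", dns)):
        if ipaddress.ip_address(value) != internal.ip:
            problems.append(f"{role} {value} is not the eBox internal address")
    return problems


if __name__ == "__main__":
    # Constructed plan: prefix lengths and 192.168.1.1 are assumed values.
    issues = check_plan("192.168.0.12/24", "192.168.1.1/24",
                        "192.168.1.100", "192.168.1.150",
                        "192.168.1.1", "192.168.1.1")
    print(issues or "address plan is consistent")
```

An empty list means the plan is consistent; each string in a non-empty list names one setting to correct before enabling the DHCP and DNS modules.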
This short proof of concept simply scratches the surface of eBox's capabilities. The word is that the forum [3] will soon have part two of the HOWTO with more useful steps, and you can always refer to the eBox User's Guide [1] until that happens. The guide explains the many eBox functions, although in parts it is skimpy on detail. If worst comes to worst, you should be able to find answers to your questions on the forum [4] and from the mailing list [5].
INFO
[1] eBox User's Guide: http://ebox-platform.com/usersguide/en/html/ebox-userguide-book.html
[2] Stable eBox for Intrepid Ibex (8.10): https://launchpad.net/~ebox/+archive/ppa
[3] Tutorial on the eBox forum: http://forum.ebox-platform.com/index.php?action=printpage;topic=896.0
[4] eBox forum: http://forum.ebox-platform.com
[5] eBox mailing lists: http://ebox-platform.com/community/lists/